Oracle has just released Java 8u91, which contains 9 new security fixes and is a recommended update for all Java 8 users.

The vulnerabilities which are patched may be remotely exploitable without authentication, such as username and password. So they are potentially very serious indeed.

It can be downloaded from here.